Technically, the keys are in the processor's state. You are just trusting that it won't divulge the keys without a correct PIN. You are also trusting the processor is properly secured. And you are trusting that no one would go through the effort to extract the keys physically with scanning probe microscopy or something.